Multiple Problems - Possible keylogger / Google searches taking me to


This topic is locked

#1
iKonik

Member
11 posts

Hey there,

I recently acquired what I think might be a keylogger, due to some suspicious activity with games I've played and e-mail accounts, and also having search engine searches for common things redirect me to eBay or other odd sites I've never visited before.
I also have a process called PING.exe taking up 60/70% of my CPU usage. It doesn't show up on the standard Task Manager processes list; I only found it in the Resource Monitor, where I have suspended it temporarily for now. Even after suspending it, my typing on Skype, in my address bar and so on seems to have a small delay, which is rather odd also.
I'm not really sure how else to describe it. So far I've used MalwareBytes to do a full scan and it has quarantined 6 infections so far, which were:

Trojan.Hiloti
Trojan.Agent
Trojan.Agent.U

All of those were files, and then there were three registry values, which were Hiloti and Agent.U as well as Hijack.ExeFile.

A friend of mine told me that it could possibly be someone harnessing my computer for DDoS usage or something, but I'm not 100% sure on that either.
Anyway, I'll post my OTL log below. It also provided me with an Extras.txt; please just say if you require that also.

Thank you for your time in helping me.
Much Appreciated
Sam

OTL logfile created on: 08/09/2011 16:52:53 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Sam\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 60.94% Memory free
8.00 Gb Paging File | 5.96 Gb Available in Paging File | 74.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37.57 Gb Total Space | 7.09 Gb Free Space | 18.88% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 53.51 Gb Free Space | 27.40% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 877.99 Gb Free Space | 94.25% Space Free | Partition Type: NTFS

Computer Name: SAMS-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 16:52:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
PRC - [2011/08/31 09:58:30 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/08/31 09:58:18 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/04 00:17:13 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Games\Steam\Steam.exe
PRC - [2011/07/07 10:52:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/21 20:20:30 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/04/28 10:35:25 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 12:19:34 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/09 20:28:40 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/14 02:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/07 00:27:58 | 014,407,976 | ---- | M] () -- D:\Games\Steam\bin\libcef.dll
MOD - [2011/09/07 00:27:55 | 000,190,248 | ---- | M] () -- D:\Games\Steam\bin\chromehtml.dll
MOD - [2011/09/07 00:27:53 | 000,091,432 | ---- | M] () -- D:\Games\Steam\bin\avutil-50.dll
MOD - [2011/09/07 00:27:51 | 000,155,432 | ---- | M] () -- D:\Games\Steam\bin\avformat-52.dll
MOD - [2011/09/07 00:27:49 | 000,914,216 | ---- | M] () -- D:\Games\Steam\bin\avcodec-52.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/31 09:58:30 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/08/31 09:58:18 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/02 10:51:41 | 003,542,616 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/07 10:52:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 10:35:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/07 10:52:34 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/07 10:52:34 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/07 21:34:21 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/05/07 21:34:21 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/04/14 14:28:10 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2011/04/14 14:28:08 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2010/09/07 21:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/16 13:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/03/29 18:21:51 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/30 17:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/09/30 11:36:14 | 000,013,008 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pstrip64.sys -- (PStrip64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Sam\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/27 22:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/27 22:47:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{581DD211-893C-4A97-8641-A17B9323F686}: C:\Users\Sam\AppData\Local\{581DD211-893C-4A97-8641-A17B9323F686} [2011/09/07 00:08:13 | 000,000,000 | ---D | M]

[2010/07/16 01:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions
[2010/07/30 13:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\820n5vkg.default\extensions
[2010/07/30 13:54:44 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\820n5vkg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/07/30 13:50:25 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\820n5vkg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/07/16 01:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/26 08:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 08:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/06/26 08:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 08:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Hobbyist Software VLC Streamer] C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe (Hobbyist Software)
O4 - HKCU..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Program Files (x86)\PowerStrip\PStrip.exe (EnTech Taiwan)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.16.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19E64FA2-BCAC-46B0-ACAD-394A75772759}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2988FE80-6010-4703-A8FA-6072F92F78BD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EFBC53A-9B2C-4240-948E-A6FD283A4320}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F8C6694-59B5-445D-944F-C33C8574A66C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 16:52:44 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2011/09/08 16:49:48 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/08 16:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/08 00:46:59 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\BTroopers
[2011/09/07 00:08:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\{581DD211-893C-4A97-8641-A17B9323F686}
[2011/08/30 00:25:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\dxhr
[2011/08/30 00:24:08 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\ALI213
[2011/08/30 00:24:08 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\28050
[2011/08/28 01:26:41 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Hobbyist_Software
[2011/08/28 01:25:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Hobbyist Software
[2011/08/28 01:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Streamer
[2011/08/28 01:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hobbyist Software
[2011/08/27 23:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AirDisplay
[2011/08/27 23:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Display
[2011/08/27 23:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Avatron
[2011/08/27 22:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/27 22:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/27 22:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/27 22:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/27 22:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/27 22:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/27 22:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/27 22:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/27 22:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/08/22 22:02:04 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\LOLReplay
[2011/08/22 22:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay
[2011/08/14 13:00:35 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/08/14 13:00:06 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Dropbox
[2011/04/07 18:19:01 | 000,586,752 | -HS- | C] (Microsoft Corporation) -- C:\Users\Sam\AppData\Local\sol.exe
[2011/04/07 18:19:01 | 000,586,752 | -HS- | C] (Microsoft Corporation) -- C:\Users\Sam\AppData\Local\ncl.exe
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/08 16:52:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2011/09/08 16:49:48 | 000,002,965 | ---- | M] () -- C:\Users\Sam\Desktop\HiJackThis.lnk
[2011/09/08 16:45:55 | 000,007,620 | ---- | M] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
[2011/09/08 16:28:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 14:32:44 | 000,000,656 | ---- | M] () -- C:\Users\Sam\Desktop\World of Warcraft.lnk
[2011/09/08 13:52:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 13:52:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 13:44:39 | 000,009,346 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.ini
[2011/09/08 13:44:37 | 000,009,364 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.bak
[2011/09/08 13:44:35 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 13:43:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/08 13:43:40 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/08 09:51:09 | 000,009,346 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.bk!
[2011/09/08 09:12:37 | 000,009,346 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.bko
[2011/09/07 09:02:42 | 000,000,120 | ---- | M] () -- C:\Users\Sam\AppData\Local\Smeruyiw.dat
[2011/09/07 00:08:14 | 000,000,000 | ---- | M] () -- C:\Users\Sam\AppData\Local\Ifejuvil.bin
[2011/09/06 18:02:49 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/06 18:02:49 | 000,664,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/06 18:02:49 | 000,125,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/03 20:51:25 | 000,122,204 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/31 09:58:30 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/31 09:58:18 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/08/31 09:58:18 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/30 16:59:14 | 002,054,104 | ---- | M] () -- C:\Users\Sam\Desktop\IMG_0203.JPG
[2011/08/30 12:07:10 | 000,004,607 | ---- | M] () -- C:\Users\Sam\.recently-used.xbel
[2011/08/27 22:49:11 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/26 07:54:07 | 007,921,704 | ---- | M] () -- C:\Users\Sam\Desktop\Adele_vs._Skrillex_-_Set_Fire_To_Everybody.mp3
[2011/08/25 15:31:48 | 016,641,315 | ---- | M] () -- C:\Users\Sam\Desktop\01 Android Porn.mp3
[2011/08/22 22:02:05 | 000,001,973 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011/08/18 00:14:48 | 000,001,155 | ---- | M] () -- C:\Users\Sam\Desktop\World of Warcraft Romie.lnk
[2011/08/17 23:14:29 | 003,383,525 | ---- | M] () -- C:\Users\Sam\Desktop\Maligned.psd
[2011/08/14 13:04:14 | 000,001,036 | ---- | M] () -- C:\Users\Sam\Desktop\Dropbox.lnk
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/08 16:49:48 | 000,002,965 | ---- | C] () -- C:\Users\Sam\Desktop\HiJackThis.lnk
[2011/09/07 00:08:14 | 000,000,120 | ---- | C] () -- C:\Users\Sam\AppData\Local\Smeruyiw.dat
[2011/09/07 00:08:14 | 000,000,000 | ---- | C] () -- C:\Users\Sam\AppData\Local\Ifejuvil.bin
[2011/09/03 20:51:25 | 000,122,204 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/31 09:58:17 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/08/30 16:57:51 | 002,054,104 | ---- | C] () -- C:\Users\Sam\Desktop\IMG_0203.JPG
[2011/08/30 12:07:10 | 000,004,607 | ---- | C] () -- C:\Users\Sam\.recently-used.xbel
[2011/08/27 22:49:11 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/26 07:54:07 | 007,921,704 | ---- | C] () -- C:\Users\Sam\Desktop\Adele_vs._Skrillex_-_Set_Fire_To_Everybody.mp3
[2011/08/25 15:30:45 | 016,641,315 | ---- | C] () -- C:\Users\Sam\Desktop\01 Android Porn.mp3
[2011/08/22 22:02:05 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011/08/22 22:02:05 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2011/08/18 00:14:48 | 000,001,155 | ---- | C] () -- C:\Users\Sam\Desktop\World of Warcraft Romie.lnk
[2011/08/17 23:14:19 | 003,383,525 | ---- | C] () -- C:\Users\Sam\Desktop\Maligned.psd
[2011/08/14 13:04:14 | 000,001,036 | ---- | C] () -- C:\Users\Sam\Desktop\Dropbox.lnk
[2011/07/29 01:00:50 | 000,000,059 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011/06/15 18:11:29 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/07 18:19:08 | 000,010,886 | -HS- | C] () -- C:\Users\Sam\AppData\Local\325cq8r6ceko405fg
[2011/04/07 18:19:08 | 000,010,886 | -HS- | C] () -- C:\ProgramData\325cq8r6ceko405fg
[2011/02/26 02:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/10/31 12:33:35 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/09/08 06:05:39 | 000,000,132 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/23 11:15:30 | 000,009,346 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.bko
[2010/07/22 12:22:51 | 000,009,346 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.bk!
[2010/07/22 12:22:43 | 000,009,364 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.bak
[2010/07/22 12:16:18 | 000,009,346 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.ini
[2010/07/22 12:00:45 | 000,000,438 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/07/15 23:08:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/27 11:28:48 | 000,764,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/21 14:53:11 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/06/12 13:06:14 | 000,000,747 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\MPQEditor.ini
[2010/05/25 17:46:26 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/04/25 14:29:44 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/04/25 14:29:43 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/04/25 14:29:42 | 002,359,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/04/10 23:37:25 | 000,007,620 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
[2010/04/05 02:34:22 | 000,003,584 | ---- | C] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/01 13:27:48 | 000,000,396 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/15 03:39:00 | 001,364,522 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\wrar393.exe
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/20 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.minecraft
[2011/07/09 08:36:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Command and Conquer 4
[2010/03/29 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DAEMON Tools Lite
[2011/03/29 11:40:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DarksporeData
[2011/07/21 21:18:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Downloaded Installations
[2011/09/08 13:45:33 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox
[2011/08/22 16:39:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DVDVideoSoft
[2011/08/22 16:39:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/22 09:44:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0
[2011/08/28 01:25:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Hobbyist Software
[2010/09/30 13:59:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Leadertech
[2010/09/26 17:06:21 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LolClient
[2010/07/27 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Megaupload
[2010/07/18 23:23:39 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MotioninJoy
[2011/06/01 20:54:04 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mumble
[2010/12/22 06:31:14 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\NationRed
[2011/03/21 01:44:13 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nicalis
[2010/05/10 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Octoshape
[2011/05/07 10:09:30 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OnLive App
[2010/04/10 21:58:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OpenOffice.org
[2011/06/15 07:33:34 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Orbit
[2011/06/15 07:33:34 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ProgSense
[2011/07/27 08:20:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Propellerhead Software
[2010/05/12 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Publish Providers
[2011/03/16 10:24:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PunkBuster
[2010/10/28 23:58:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\RayV
[2011/04/06 13:00:12 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion
[2011/02/16 10:18:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\RIFT
[2011/06/21 17:06:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rovio
[2011/07/03 23:22:17 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\runic games
[2010/05/12 12:29:38 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sony
[2010/09/25 23:48:17 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive
[2011/06/23 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify
[2011/09/08 10:38:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client
[2011/07/11 11:31:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Ubisoft
[2011/09/07 17:47:50 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent
[2010/12/01 02:28:30 | 000,000,000 | -HSD | M] -- C:\Users\Sam\AppData\Roaming\wyUpdate AU
[2011/08/01 10:12:12 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's run a few checks first and remove some malware.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
    [2011/09/07 00:08:14 | 000,000,120 | ---- | C] () -- C:\Users\Sam\AppData\Local\Smeruyiw.dat
    [2011/09/07 00:08:14 | 000,000,000 | ---- | C] () -- C:\Users\Sam\AppData\Local\Ifejuvil.bin
    [2011/04/07 18:19:08 | 000,010,886 | -HS- | C] () -- C:\Users\Sam\AppData\Local\325cq8r6ceko405fg
    [2011/04/07 18:19:08 | 000,010,886 | -HS- | C] () -- C:\ProgramData\325cq8r6ceko405fg

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


AND FINALLY

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


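The fix above names four files by full path, but the post does not spell out how a responder picks them out of a long OTL listing. The Python script below is an added example, not part of OTL and not code from Essexboy's instructions: it parses OTL-format file entries and flags the traits those four entries share. The heuristics (hidden+system attributes in a user-writable directory, a random-looking letter/digit file name, several files with no company name created in the same second) are this example's own assumptions, not OTL's, and the sample log is constructed from lines quoted earlier in this thread.

```python
"""Triage helper for OTL-style file listings (added example, not part of OTL)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One OTL file/dir entry, e.g.
# [2011/09/07 00:08:14 | 000,000,120 | ---- | C] () -- C:\Users\Sam\AppData\Local\Smeruyiw.dat
# Directory entries in some sections carry no "(company)" part, hence the optional group.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Directories an unprivileged user can write to; malware running as the
# logged-in user usually drops its files here (assumption of this example).
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\")

# Constructed sample: lines copied from the OTL log quoted in this thread.
SAMPLE_LOG = r"""
[2011/09/07 00:08:14 | 000,000,120 | ---- | C] () -- C:\Users\Sam\AppData\Local\Smeruyiw.dat
[2011/09/07 00:08:14 | 000,000,000 | ---- | C] () -- C:\Users\Sam\AppData\Local\Ifejuvil.bin
[2011/09/03 20:51:25 | 000,122,204 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/07 18:19:08 | 000,010,886 | -HS- | C] () -- C:\Users\Sam\AppData\Local\325cq8r6ceko405fg
[2011/04/07 18:19:08 | 000,010,886 | -HS- | C] () -- C:\ProgramData\325cq8r6ceko405fg
[2011/09/08 19:42:32 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sam\Desktop\aswMBR.exe
[2011/09/08 19:36:31 | 000,000,000 | ---D | C] -- C:\_OTL
"""


def parse_entries(log_text):
    """Yield one dict per OTL file/dir line; non-matching lines are ignored."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"].replace(",", ""))
            d["company"] = (d["company"] or "").strip()
            yield d


def looks_random(name):
    """Letters and digits mixed, 12+ chars, no extension: e.g. 325cq8r6ceko405fg."""
    return (len(name) >= 12 and "." not in name and name.isalnum()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def in_user_writable(path):
    p = path.lower()
    return any(seg in p for seg in USER_WRITABLE)


def triage(log_text):
    """Return {path: [reasons]} for file entries that match at least one heuristic."""
    entries = [e for e in parse_entries(log_text) if "D" not in e["attrs"]]

    # Files with no company name, in user-writable dirs, grouped by creation second:
    # droppers tend to write their payload and config in one burst.
    by_ts = defaultdict(list)
    for e in entries:
        if e["company"] == "" and in_user_writable(e["path"]):
            by_ts[e["ts"]].append(e["path"])

    findings = {}
    for e in entries:
        name = PureWindowsPath(e["path"]).name
        reasons = []
        if "H" in e["attrs"] and "S" in e["attrs"] and in_user_writable(e["path"]):
            reasons.append("hidden+system in user-writable dir")
        if looks_random(name):
            reasons.append("random-looking name")
        if e["company"] == "" and in_user_writable(e["path"]) and len(by_ts[e["ts"]]) > 1:
            reasons.append("no-company files dropped in same second")
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

Run against the constructed sample, the script returns exactly the four paths that the OTL fix above removes and leaves the SysWow64 cache file, the directory and the AVAST-signed tool untouched. These heuristics only narrow the list; the company-name field comes from the file's version resource, not from a signature check, so a hit still needs to be confirmed (hash lookup, or the aswMBR and md5 scans requested above) before it is deleted.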
#3
iKonik

    Member

  • Topic Starter
  • Member
  • 11 posts
First off, thank you for taking the time to help me.

With the aswMBR program, it asked me if I wanted to download the Avast definitions. I didn't allow it to, as it wasn't what you stated; if you want me to redo it with that, just say so and I can. But otherwise this is what I got so far.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-08 19:42:45
-----------------------------
19:42:45.223 OS Version: Windows x64 6.1.7600
19:42:45.223 Number of processors: 2 586 0x4B02
19:42:45.223 ComputerName: SAMS-PC UserName: Sam
19:42:46.848 Initialize success
19:43:19.185 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000078
19:43:19.185 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953868MB BusType: 3
19:43:19.185 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000079
19:43:19.185 Disk 1 Vendor: MAXTOR_S 3.AA Size: 238474MB BusType: 3
19:43:19.201 Device \Driver\nvstor -> MajorFunction fffffa80046b86c0
19:43:21.201 Disk 1 MBR read successfully
19:43:21.201 Disk 1 MBR scan
19:43:21.201 Disk 1 Windows 7 default MBR code
19:43:21.216 Service scanning
19:43:31.013 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:43:32.419 Modules scanning
19:43:32.419 Disk 1 trace - called modules:
19:43:32.419 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046b86c0]<<
19:43:32.419 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800468f060]
19:43:32.419 3 CLASSPNP.SYS[fffff88000c6343f] -> nt!IofCallDriver -> [0xfffffa800451b130]
19:43:32.419 5 ACPI.sys[fffff880011a9781] -> nt!IofCallDriver -> \Device\00000079[0xfffffa80045309d0]
19:43:32.419 \Driver\nvstor[0xfffffa8004696370] -> IRP_MJ_CREATE -> 0xfffffa80046b86c0
19:43:32.419 Scan finished successfully
19:43:54.576 Disk 1 MBR has been saved successfully to "C:\Users\Sam\Desktop\MBR.dat"
19:43:54.576 The log file has been saved successfully to "C:\Users\Sam\Desktop\aswMBR.txt"



Also, you didn't mention posting the OTL log, but it seemed needed.



OTL logfile created on: 08/09/2011 19:45:10 - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Sam\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.84% Memory free
8.00 Gb Paging File | 6.49 Gb Available in Paging File | 81.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37.57 Gb Total Space | 7.26 Gb Free Space | 19.34% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 52.84 Gb Free Space | 27.06% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 877.99 Gb Free Space | 94.25% Space Free | Partition Type: NTFS

Computer Name: SAMS-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 16:52:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
PRC - [2011/08/31 09:58:30 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/08/31 09:58:18 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/07/07 10:52:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/21 20:20:30 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/04/28 10:35:25 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 12:19:34 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/09 20:28:40 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/14 02:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/31 09:58:30 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/08/31 09:58:18 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/02 10:51:41 | 003,542,616 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/07 10:52:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/28 10:35:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/07 10:52:34 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/07 10:52:34 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/07 21:34:21 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/05/07 21:34:21 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/04/14 14:28:10 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2011/04/14 14:28:08 | 000,015,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2010/09/07 21:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/16 13:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/03/29 18:21:51 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/30 17:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/09/30 11:36:14 | 000,013,008 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pstrip64.sys -- (PStrip64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3931593098-359699254-2599459795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3931593098-359699254-2599459795-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3931593098-359699254-2599459795-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Sam\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/27 22:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/27 22:47:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{581DD211-893C-4A97-8641-A17B9323F686}: C:\Users\Sam\AppData\Local\{581DD211-893C-4A97-8641-A17B9323F686} [2011/09/07 00:08:13 | 000,000,000 | ---D | M]

[2010/07/16 01:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions
[2010/07/30 13:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\820n5vkg.default\extensions
[2010/07/30 13:54:44 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\820n5vkg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/07/30 13:50:25 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\820n5vkg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/07/16 01:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/26 08:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 08:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/06/26 08:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 08:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/09/08 19:36:33 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3931593098-359699254-2599459795-1000..\Run: [Hobbyist Software VLC Streamer] C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe (Hobbyist Software)
O4 - HKU\S-1-5-21-3931593098-359699254-2599459795-1000..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Program Files (x86)\PowerStrip\PStrip.exe (EnTech Taiwan)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3931593098-359699254-2599459795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3931593098-359699254-2599459795-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3931593098-359699254-2599459795-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3931593098-359699254-2599459795-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3931593098-359699254-2599459795-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.16.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19E64FA2-BCAC-46B0-ACAD-394A75772759}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2988FE80-6010-4703-A8FA-6072F92F78BD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EFBC53A-9B2C-4240-948E-A6FD283A4320}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F8C6694-59B5-445D-944F-C33C8574A66C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3931593098-359699254-2599459795-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3931593098-359699254-2599459795-1000\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 19:42:32 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sam\Desktop\aswMBR.exe
[2011/09/08 19:36:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/08 16:52:44 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2011/09/08 16:49:48 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/08 16:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/08 00:46:59 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\BTroopers
[2011/09/07 00:08:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\{581DD211-893C-4A97-8641-A17B9323F686}
[2011/08/30 00:25:12 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\dxhr
[2011/08/30 00:24:08 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\ALI213
[2011/08/30 00:24:08 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\28050
[2011/08/28 01:26:41 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Hobbyist_Software
[2011/08/28 01:25:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Hobbyist Software
[2011/08/28 01:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Streamer
[2011/08/28 01:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hobbyist Software
[2011/08/27 23:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AirDisplay
[2011/08/27 23:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Display
[2011/08/27 23:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Avatron
[2011/08/27 22:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/27 22:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/27 22:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/27 22:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/27 22:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/27 22:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/27 22:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/27 22:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/27 22:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/08/22 22:02:04 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\LOLReplay
[2011/08/22 22:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay
[2011/08/14 13:00:35 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/08/14 13:00:06 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Dropbox
[2011/04/07 18:19:01 | 000,586,752 | -HS- | C] (Microsoft Corporation) -- C:\Users\Sam\AppData\Local\sol.exe
[2011/04/07 18:19:01 | 000,586,752 | -HS- | C] (Microsoft Corporation) -- C:\Users\Sam\AppData\Local\ncl.exe

========== Files - Modified Within 30 Days ==========

[2011/09/08 19:47:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 19:47:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 19:43:54 | 000,000,512 | ---- | M] () -- C:\Users\Sam\Desktop\MBR.dat
[2011/09/08 19:42:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sam\Desktop\aswMBR.exe
[2011/09/08 19:41:10 | 000,009,346 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.ini
[2011/09/08 19:39:53 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 19:39:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/08 19:39:25 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/08 19:36:33 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/08 19:28:26 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 17:04:30 | 000,007,620 | ---- | M] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
[2011/09/08 16:52:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2011/09/08 16:49:48 | 000,002,965 | ---- | M] () -- C:\Users\Sam\Desktop\HiJackThis.lnk
[2011/09/08 14:32:44 | 000,000,656 | ---- | M] () -- C:\Users\Sam\Desktop\World of Warcraft.lnk
[2011/09/08 13:44:39 | 000,009,346 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.bak
[2011/09/08 13:44:37 | 000,009,364 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.bko
[2011/09/08 09:51:09 | 000,009,346 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\PStrip.bk!
[2011/09/06 18:02:49 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/06 18:02:49 | 000,664,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/06 18:02:49 | 000,125,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/03 20:51:25 | 000,122,204 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/31 09:58:30 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/31 09:58:18 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/08/31 09:58:18 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/30 16:59:14 | 002,054,104 | ---- | M] () -- C:\Users\Sam\Desktop\IMG_0203.JPG
[2011/08/30 12:07:10 | 000,004,607 | ---- | M] () -- C:\Users\Sam\.recently-used.xbel
[2011/08/27 22:49:11 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/26 07:54:07 | 007,921,704 | ---- | M] () -- C:\Users\Sam\Desktop\Adele_vs._Skrillex_-_Set_Fire_To_Everybody.mp3
[2011/08/25 15:31:48 | 016,641,315 | ---- | M] () -- C:\Users\Sam\Desktop\01 Android Porn.mp3
[2011/08/22 22:02:05 | 000,001,973 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011/08/18 00:14:48 | 000,001,155 | ---- | M] () -- C:\Users\Sam\Desktop\World of Warcraft Romie.lnk
[2011/08/17 23:14:29 | 003,383,525 | ---- | M] () -- C:\Users\Sam\Desktop\Maligned.psd
[2011/08/14 13:04:14 | 000,001,036 | ---- | M] () -- C:\Users\Sam\Desktop\Dropbox.lnk

========== Files Created - No Company Name ==========

[2011/09/08 19:43:54 | 000,000,512 | ---- | C] () -- C:\Users\Sam\Desktop\MBR.dat
[2011/09/08 16:49:48 | 000,002,965 | ---- | C] () -- C:\Users\Sam\Desktop\HiJackThis.lnk
[2011/09/03 20:51:25 | 000,122,204 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/31 09:58:17 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/08/30 16:57:51 | 002,054,104 | ---- | C] () -- C:\Users\Sam\Desktop\IMG_0203.JPG
[2011/08/30 12:07:10 | 000,004,607 | ---- | C] () -- C:\Users\Sam\.recently-used.xbel
[2011/08/27 22:49:11 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/26 07:54:07 | 007,921,704 | ---- | C] () -- C:\Users\Sam\Desktop\Adele_vs._Skrillex_-_Set_Fire_To_Everybody.mp3
[2011/08/25 15:30:45 | 016,641,315 | ---- | C] () -- C:\Users\Sam\Desktop\01 Android Porn.mp3
[2011/08/22 22:02:05 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2011/08/22 22:02:05 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2011/08/18 00:14:48 | 000,001,155 | ---- | C] () -- C:\Users\Sam\Desktop\World of Warcraft Romie.lnk
[2011/08/17 23:14:19 | 003,383,525 | ---- | C] () -- C:\Users\Sam\Desktop\Maligned.psd
[2011/08/14 13:04:14 | 000,001,036 | ---- | C] () -- C:\Users\Sam\Desktop\Dropbox.lnk
[2011/07/29 01:00:50 | 000,000,059 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011/06/15 18:11:29 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/26 02:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/10/31 12:33:35 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/09/08 06:05:39 | 000,000,132 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/23 11:15:30 | 000,009,364 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.bko
[2010/07/22 12:22:51 | 000,009,346 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.bk!
[2010/07/22 12:22:43 | 000,009,346 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.bak
[2010/07/22 12:16:18 | 000,009,346 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PStrip.ini
[2010/07/22 12:00:45 | 000,000,438 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/07/15 23:08:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/27 11:28:48 | 000,764,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/21 14:53:11 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/06/12 13:06:14 | 000,000,747 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\MPQEditor.ini
[2010/05/25 17:46:26 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/04/25 14:29:44 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/04/25 14:29:43 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/04/25 14:29:42 | 002,359,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/04/10 23:37:25 | 000,007,620 | ---- | C] () -- C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
[2010/04/05 02:34:22 | 000,003,584 | ---- | C] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/01 13:27:48 | 000,000,396 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/15 03:39:00 | 001,364,522 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\wrar393.exe
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/20 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.minecraft
[2011/07/09 08:36:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Command and Conquer 4
[2010/03/29 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DAEMON Tools Lite
[2011/03/29 11:40:26 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DarksporeData
[2011/07/21 21:18:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Downloaded Installations
[2011/09/08 13:45:33 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Dropbox
[2011/08/22 16:39:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DVDVideoSoft
[2011/08/22 16:39:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/22 09:44:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0
[2011/08/28 01:25:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Hobbyist Software
[2010/09/30 13:59:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Leadertech
[2010/09/26 17:06:21 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LolClient
[2010/07/27 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Megaupload
[2010/07/18 23:23:39 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MotioninJoy
[2011/06/01 20:54:04 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mumble
[2010/12/22 06:31:14 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\NationRed
[2011/03/21 01:44:13 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nicalis
[2010/05/10 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Octoshape
[2011/05/07 10:09:30 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OnLive App
[2010/04/10 21:58:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OpenOffice.org
[2011/06/15 07:33:34 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Orbit
[2011/06/15 07:33:34 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ProgSense
[2011/07/27 08:20:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Propellerhead Software
[2010/05/12 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Publish Providers
[2011/03/16 10:24:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PunkBuster
[2010/10/28 23:58:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\RayV
[2011/04/06 13:00:12 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion
[2011/02/16 10:18:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\RIFT
[2011/06/21 17:06:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rovio
[2011/07/03 23:22:17 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\runic games
[2010/05/12 12:29:38 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sony
[2010/09/25 23:48:17 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive
[2011/06/23 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spotify
[2011/09/08 10:38:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TS3Client
[2011/07/11 11:31:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Ubisoft
[2011/09/07 17:47:50 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\uTorrent
[2010/12/01 02:28:30 | 000,000,000 | -HSD | M] -- C:\Users\Sam\AppData\Roaming\wyUpdate AU
[2011/08/01 10:12:12 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/11/09 20:28:40 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/11/09 20:28:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/11/09 20:28:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/11/09 20:28:40 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< End of report >



Also, during all of this I have MalwareBytes telling me it is blocking the process Ping.exe sending stuff to a malicious website, or something along those lines; it also blocked one coming from iexplore.exe. Trying to upload a picture from my desktop to TinyPic has also had my Internet Explorer forward me to some malicious website. The picture contained my MalwareBytes quarantine showing an Exploit.Drop virus in my Windows temp folders. Really isn't looking good atm, thank you so much for your help.
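The sections of the log above that a helper reads by eye (O20 Winlogon values, O35/O37 exefile and comfile associations, and the MD5 list for explorer, svchost, userinit and winlogon) can be checked mechanically. The following Python script is an added example for this thread; it is not part of the original post and not OTL's own code. It flags a Winlogon Shell or UserInit value that is not the stock one, an `[open]` command that is not exactly `"%1" %*` (the association Malwarebytes reports as Hijack.ExeFile), and a live system binary whose MD5 matches no WinSxS copy. The sample input copies lines from the posted log and adds three constructed lines so the script has something to flag: a hypothetical `hijack.exe` path appended to UserInit and to the HKU exefile association, and a zeroed svchost hash. Those three lines are illustrations, not observations about this machine.

```python
"""Triage the Winlogon, file-association and MD5 sections of an OTL log.

Added example for this thread; not part of the original post and not OTL's
own code. It re-applies three checks a helper makes by eye:
  * O20 Winlogon Shell/UserInit must point at the stock binaries,
  * O35/O37 exefile/comfile [open] commands must be exactly "%1" %*,
  * a live system binary's MD5 must match at least one WinSxS copy.
"""
import re
from collections import defaultdict

# What a clean Windows 7 installation reports in these OTL sections.
WINLOGON_EXPECTED = {
    "shell": {"explorer.exe"},
    # OTL prints the value without the trailing comma the registry carries,
    # so accept both spellings.
    "userinit": {r"c:\windows\system32\userinit.exe",
                 r"c:\windows\system32\userinit.exe,"},
}
CLEAN_OPEN_CMD = '"%1" %*'

O20_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (\w+) - \((.*?)\) - ")
O35_RE = re.compile(r"^O3[57](?::64bit:)? - (\S+) \[(.*?)\] -- (.*)$")
MD5_HDR_RE = re.compile(r"^< MD5 for: (\S+) >$")
MD5_LINE_RE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+)$")


def triage_otl(text):
    """Return a list of (category, detail) findings for an OTL log text."""
    findings = []
    md5_section = None               # binary name while inside "< MD5 for: X >"
    md5_entries = defaultdict(list)  # binary name -> [(hash, path)]

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            md5_section = None       # a blank line closes an MD5 section
            continue
        m = MD5_HDR_RE.match(line)
        if m:
            md5_section = m.group(1).lower()
            continue
        if md5_section:
            m = MD5_LINE_RE.search(line)
            if m:
                md5_entries[md5_section].append((m.group(1).upper(), m.group(2)))
                continue
        m = O20_RE.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip().lower()
            expected = WINLOGON_EXPECTED.get(key)
            if expected is not None and value not in expected:
                findings.append(("winlogon", f"{m.group(1)} = {m.group(2)}"))
            continue
        m = O35_RE.match(line)
        if m:
            key, cmd = m.group(1), m.group(3).strip()
            if cmd != CLEAN_OPEN_CMD:
                findings.append(("file-assoc", f"{key} -> {cmd}"))

    # A live copy (SysNative, SysWOW64, C:\Windows) whose hash matches no
    # WinSxS copy has been patched or replaced. A section with no WinSxS
    # copies at all flags every live entry, which is worth a look anyway.
    for name, entries in md5_entries.items():
        winsxs = {h for h, p in entries if "\\winsxs\\" in p.lower()}
        for h, p in entries:
            if "\\winsxs\\" not in p.lower() and h not in winsxs:
                findings.append(("md5", f"{name}: {p} ({h}) matches no WinSxS copy"))
    return findings


# Constructed test input: copied from the posted log, except the 4th O20 line,
# the HKU exefile line and the last svchost line, which are made up (the
# hijack.exe path is hypothetical and the all-zero hash is deliberately wrong).
SAMPLE_LOG = r"""
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\Users\Sam\AppData\Local\hijack.exe) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3931593098-359699254-2599459795-1000..exefile [open] -- "C:\Users\Sam\AppData\Local\hijack.exe" "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

< MD5 for: WINLOGON.EXE >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/09/01 10:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysWOW64\svchost.exe
"""

if __name__ == "__main__":
    for category, detail in triage_otl(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run against the real OTL.txt with `triage_otl(open("OTL.txt", encoding="utf-8", errors="replace").read())`; on the log posted above it returns nothing, which matches what the helper concluded from the same sections. The MD5 check only says a live binary differs from every servicing-stack copy; a hit still needs the file's signature checked before calling it patched.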

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Aye, looking at that it is hidden quite deep, so I will up the ante.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#5 iKonik (Topic Starter, Member, 11 posts)
ComboFix appears to be frozen on the "preparing log report" blue screen page, for about 20 minutes now, while I am still getting warnings from MalwareBytes popping up about malicious attempts.
The computer feels as normal, no slowness on typing, and the CPU usage is standard. But it hasn't given me a log I can provide; also, during the scan it had approximately 20 Windows closure errors to do with a stream splitter something, I can't quite remember, sorry. But that's the problem I'm having now. I'll wait for you to reply to decide whether I should close ComboFix or leave it going.

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Stop ComboFix please, then run it again. If it freezes, stop it and I will get out the bigger hammer.

#7 iKonik (Topic Starter, Member, 11 posts)
No luck, exactly the same thing :unsure: It takes far longer than the 10 minutes it states too, and all of my startup programs and processes start up as normal while ComboFix is preparing the log, which I guess it isn't. I'm hoping your bigger hammer works really well and isn't gonna scare me :)

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Not overly scary :)

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan:

Click the cog in the upper right.
Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.
Allow AVP to delete all infections found.
Once it has finished, select the Report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

Now the analysis:

Rerun AVP, select the Manual Disinfection tab and press Start Gathering System Information.
On completion, click the link to locate the zip file, then upload it (Megaupload) or attach it to your next post.

#9 iKonik (Topic Starter, Member, 11 posts)
It's giving me an estimated 8 hour scan time so I'll get back to you in the morning :) Thank you for the help so far.

#10 iKonik (Topic Starter, Member, 11 posts)
Right, so the results of the 8 and a half hour scan came back with 3 infections, 2 of them on my C drive and one on my E drive, so lucky I selected that as well although you didn't recommend it.

http://www.megaupload.com/?d=Z2IOD4JK

That's the AVPTool System Information and the Disinfected log.

Right now my Malware Bytes hasn't given me a single warning about ping.exe or iexplore.exe attempting to access malicious websites, which is what it has been spamming me with up until the restart when AVP did its disinfecting, but I still get the feeling something might be left still. I guess you can tell from what I've just sent you though.

Thanks again

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you attach the zip file please as Megaupload is now getting a bit uppity about how many downloads I am doing from there :)

#12 iKonik (Topic Starter, Member, 11 posts)
Of course, I've attached it to this post.

Attached Files



#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Nice, it killed an MBR bootkit.

Combofix should run now, allow it to update if it asks

#14 iKonik (Topic Starter, Member, 11 posts)
Left it Preparing a Log Report for about 20 minutes to no luck. Also, every single stage of ComboFix's running or scanning etc. has 1 or 2 "something Stream Splitter" errors every time.

Not sure what to do.

#15 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, stop it and I will revert to OTL to confirm that nothing else is evident... How is the computer behaving now after the MBR infection was removed?

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs
